I'm not in that engineering team, but as far as I understand, the change was done through the Finch system, which is settings your Chrome client will regularly download from Google servers. That might not happen immediately, which could possibly explain what you see. But maybe the team can follow up with more information.

/Daniel

On 2021-08-19 16:33, Pierce McGeough wrote:
What is the current state of play with this?

I thought *92.0.4515.157* was the most recent version of Chrome where the issue was reverted. I downloaded *92.0.4515.107*, with it looking like it was the most recent version to still have the blocker in place.
I also have 91.0.4472.144 on another machine.

I tested no attribute, "sandbox", "sandbox='allow-scripts'" and "sandbox='allow-scripts allow-modals'". I tested against running a script, alert, confirm, print and prompt. All versions gave the same results.

On Thursday, August 5, 2021 at 11:02:46 AM UTC+1 Daniel Bratell wrote:

    Technically those are two different domains, even though they are
    likely controlled by the same party. There are ways to "join"
    different domains (like setting the document.domain
    <https://developer.mozilla.org/en-US/docs/Web/API/Document/domain>
    property), or identify which second level domains have only one
    controller <https://wiki.mozilla.org/Public_Suffix_List> and which
    have more, but they are unreliable and are being phased out
    <https://github.com/mikewest/deprecating-document-domain/>.

    You are right that this is a common setup in enterprises and that
    has to be considered when discussing how possibly malicious
    cross-origin alerts and prompts can be prevented.

    /Daniel

    On 2021-08-04 15:38, Hugo Leitao wrote:
    Why do you block for the same domain? Sample:
    https://123.mydomain.com and subframe https://abc.mydomain.com
    Too many corporate applications will be affected.
    Regards

    On Friday, July 30, 2021 at 9:06:14 PM UTC-3,
    carl...@chromium.org wrote:

        We decided to disable this deprecation temporarily (for 2
        weeks, until August 15, 2021) to provide more time for
        websites to address the issues caused by this change, or
        enroll affected origins in the origin trial.
        If neither the origin trial nor the enterprise policy addresses
        your concerns, please comment in the implementation bug at
        crbug.com/1065085 <http://crbug.com/1065085>.

        The configuration to disable the deprecation should reach
        most Chrome instances in a few hours, but in some cases might
        take longer. Chrome needs to be restarted for the change to
        take effect.

        Thanks,
        -Carlos

        On Fri, Jul 30, 2021 at 5:24 AM Pritpal Singh
        <psi...@watermarkinsights.com> wrote:

            If we use document.domain='example.com' on the pages of
            our site under the same domain, will opening in an iframe
            be excluded from this impact?

            On Thursday, July 29, 2021 at 11:39:18 PM UTC+5:30 Manuel
            Torres wrote:

                Thanks for the suggestion, but it’s not the output
                that worries me but the input instead. When teaching
                JavaScript to a 10-year-old, using prompts was key for
                many exercises. At least there should be a setting to
                momentarily disable this behavior.

                On 28 Jul 2021, at 17:53, Carlos Joan Rafael Ibarra
                Lopez <carl...@google.com> wrote:

                
                For simple output when teaching, I'd
                recommend switching to console.log, which would work
                in this case, and is better suited for that use case.

                Temporarily, sites such as codepen can enroll in the
                trial to maintain this functionality.

                On Wed, Jul 28, 2021 at 3:40 PM Manuel Torres
                <torres...@gmail.com> wrote:

                    We use sites such as codepen.io to deliver
                    JavaScript training to many kids. Since this
                    update we can't do simple JavaScript prompts and
                    alerts from codepen.io, and much of our training
                    material is now useless.

                    Manuel Torres

                    On Wednesday, July 28, 2021 at 3:44:38 PM
                    UTC-5, carl...@google.com wrote:

                        Affected sites can use the origin trial to
                        temporarily opt-out of this change
                        (additionally, in enterprise settings, an
                        enterprise policy
                        <https://chromeenterprise.google/policies/#SuppressDifferentOriginSubframeDialogs>
                        can be used to opt-out). As a permanent
                        solution though, sites will need to stop
                        relying on alert, confirm, and prompt, and
                        will instead need to implement similar
                        functionality directly in the site.

                        On Wed, Jul 28, 2021 at 12:06 AM Dmitry
                        Liamtsev <lyam...@gmail.com> wrote:

                            This is very bad news for me. My
                            corporate software modules are deployed on
                            many ports and integrate with iframes...

                            On Tuesday, July 27, 2021 at 19:00:03
                            UTC+3, wong spark wrote:

                                Could you cancel the cross
                                sub-domain block?

                                On Tuesday, July 13, 2021 at 1:06:21 AM
                                UTC+8, <carl...@google.com> wrote:

                                    M92 will indeed enable the
                                    blocking of JS dialogs usage on
                                    different origin subframes by
                                    default on Stable. You can use
                                    the deprecation trial to
                                    temporarily bypass the block.

                                    -Carlos

                                    On Mon, Jul 12, 2021 at 5:14 AM
                                    Liang Stanley
                                    <kaika...@gmail.com> wrote:

                                        I've found M92 beta has
                                        enabled this feature.
                                        Does M92 stable enable it
                                        by default?
                                        I mean, cannot use alert(),
                                        confirm().

                                        - Stanley

                                        On Friday, June 11, 2021 at
                                        11:51:57 PM [UTC+8],
                                        carl...@google.com wrote:

                                            The plan is to keep the
                                            trial in until M96

                                            -Carlos

                                            On Fri, Jun 11, 2021 at 8:46 AM Chris Harrelson
                                            <chri...@chromium.org> wrote:

                                                How long do you intend to run the deprecation trial?
                                                There should be a deadline in order to make clear to
                                                developers they have a limited time to fix their content.

                                                On Thu, Jun 10, 2021 at 8:36 PM Yoav Weiss
                                                <yoav...@chromium.org> wrote:

                                                    LGTM1 - a deprecation trial seems like a good way to
                                                    (temporarily) resolve the issues we've run into when
                                                    trying to remove this, and give developers more time
                                                    to move away from current usage.

                                                    On Fri, Jun 11, 2021 at 1:57 AM 'Carlos Joan Rafael
                                                    Ibarra Lopez' via blink-dev <blin...@chromium.org>
                                                    wrote:


                                                                Contact emails

                                                        carl...@chromium.org, mea...@chromium.org


                                                                Explainer

                                                        None


                                                                Specification

                                                        https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#cannot-show-simple-dialogs


                                                                Summary

                                                        Chrome allows iframes to trigger JavaScript dialogs, it shows
                                                        “<URL> says ...” when the iframe is the same origin as the top
                                                        frame, and “An embedded page on this page says...” when the
                                                        iframe is cross-origin. The current UX is confusing, and has
                                                        previously led to spoofs where sites pretend the message comes
                                                        from Chrome or a different website. Removing support for cross
                                                        origin iframes’ ability to trigger the UI will prevent this
                                                        kind of spoofing, and unblock further UI simplifications.


                                                                Blink component

                                                        Blink>WindowDialog
                                                        <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWindowDialog>


                                                                TAG review



                                                                TAG review status

                                                        Pending


                                                                Risks



                                                                Interoperability and Compatibility

                                                        In total, around 0.009% of page loads would be affected by the
                                                        removal. We believe that core functionality will not be
                                                        severely degraded, since the ability for users to disable JS
                                                        prompts means sites already can’t rely on JS dialogs to always
                                                        be displayed.

                                                        Gecko: Positive (https://github.com/whatwg/html/issues/5407)
                                                        Firefox has already implemented this behind a flag, and was
                                                        supportive of the spec change.

                                                        WebKit: Positive (https://github.com/whatwg/html/issues/5407)
                                                        Safari has not implemented, but they were supportive of the
                                                        spec change.

                                                        Web developers: No signals


                                                                Security

                                                        Expected to be security positive by reducing spoofing surfaces.


                                                                Goals for experimentation

                                                        Origin-trial based opt out was suggested in intent to remove
                                                        to diminish breakage risks. See
                                                        https://groups.google.com/a/chromium.org/g/blink-dev/c/hTOXiBj3D6A/m/Uo8eLpUMBAAJ
                                                        for the relevant discussion.


                                                                Reason this experiment is being extended



                                                                Ongoing technical constraints



                                                                Will this feature be supported on all six Blink platforms
                                                                (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

                                                        Yes


                                                                Is this feature fully tested by web-platform-tests
                                                                <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?

                                                        Yes


                                                                Flag name

                                                        SuppressDifferentOriginSubframeJSDialogs


                                                                Tracking bug

                                                        https://bugs.chromium.org/p/chromium/issues/detail?id=1065085


                                                                Link to entry on the Chrome Platform Status

                                                        https://www.chromestatus.com/feature/5148698084376576

                                                        This intent message was generated by Chrome Platform Status
                                                        <https://www.chromestatus.com/>.
                                                        -- You received this message because you are subscribed to the
                                                        Google Groups "blink-dev" group.
                                                        To unsubscribe from this group and stop receiving emails from
                                                        it, send an email to blink-dev+...@chromium.org.
                                                        To view this discussion on the web visit
                                                        https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAABgKfUshCk-RRpxeOYZvLsgA%2BNe%2BU%2Btn1%2B3khY6-q-utk2Ahg%40mail.gmail.com



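The origin comparison this thread keeps returning to (subdomains, ports, sandboxed frames), as an added example that is not part of the original messages and is not Chromium's code. The function names are hypothetical, the sample URLs are constructed from the placeholder hosts used in the thread, and document.domain, the origin trial and the enterprise policy are deliberately not modelled.

```javascript
// Added example: audit which iframes on a page would lose alert/confirm/prompt
// when dialogs from different-origin subframes are suppressed.
// Assumption: only http(s) frame URLs are handled by this sketch.

// Origin tuple as browsers compare it: scheme, host, port (default ports filled in).
function originTuple(url) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`unsupported scheme for this sketch: ${u.protocol}`);
  }
  const defaultPort = u.protocol === 'https:' ? '443' : '80';
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    port: u.port || defaultPort,
  };
}

// sandbox is null when the attribute is absent, otherwise its token string
// (an empty string means a fully sandboxed frame).
function sandboxTokens(sandbox) {
  if (sandbox === null || sandbox === undefined) return null;
  return new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
}

function auditFrame(topUrl, frame) {
  const tokens = sandboxTokens(frame.sandbox);
  // A sandboxed frame needs allow-modals to open any dialog at all.
  if (tokens && !tokens.has('allow-modals')) {
    return { dialogs: 'blocked', reason: 'sandbox without allow-modals' };
  }
  // Without allow-same-origin the frame gets an opaque origin, which is
  // never the same origin as the top frame.
  if (tokens && !tokens.has('allow-same-origin')) {
    return { dialogs: 'blocked', reason: 'sandbox gives the frame an opaque origin' };
  }
  const top = originTuple(topUrl);
  const sub = originTuple(frame.src);
  const differs = ['scheme', 'host', 'port'].filter((k) => top[k] !== sub[k]);
  if (differs.length > 0) {
    return { dialogs: 'blocked', reason: `different origin (${differs.join(', ')})` };
  }
  return { dialogs: 'allowed', reason: 'same origin as top frame' };
}

function auditPage(topUrl, frames) {
  return frames.map((f) => ({ src: f.src, sandbox: f.sandbox, ...auditFrame(topUrl, f) }));
}

// Constructed sample inventory (not taken from a real site).
const SAMPLE_TOP = 'https://123.mydomain.com/app';
const SAMPLE_FRAMES = [
  { src: 'https://abc.mydomain.com/widget', sandbox: null },       // sibling subdomain
  { src: 'https://123.mydomain.com:8443/module', sandbox: null },  // same host, other port
  { src: 'https://123.mydomain.com/help', sandbox: null },         // same origin
  { src: 'https://123.mydomain.com/help', sandbox: 'allow-scripts' },
  { src: 'https://123.mydomain.com/help', sandbox: 'allow-scripts allow-modals' },
  { src: 'https://123.mydomain.com/help', sandbox: 'allow-scripts allow-modals allow-same-origin' },
];

for (const row of auditPage(SAMPLE_TOP, SAMPLE_FRAMES)) {
  const sb = row.sandbox === null ? '(no sandbox)' : `sandbox="${row.sandbox}"`;
  console.log(`${row.dialogs.padEnd(7)} ${row.src} ${sb}: ${row.reason}`);
}
```

Frames reported as blocked are the ones that need an in-page replacement for alert, confirm and prompt once the opt-outs mentioned in the thread end.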